Zip-Slip Vulnerability in HashiCorp's go-slug Library
CVE-2025-0377
7.5 HIGH
What is CVE-2025-0377?
HashiCorp's go-slug library is susceptible to a zip-slip attack, which lets an attacker manipulate file paths while tar entries are being extracted. When a user provides a path that doesn't exist, the flaw can be exploited to write to unintended file locations, potentially compromising system integrity. Users of the go-slug library should address this risk by validating paths and making sure extraction is performed securely.
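The following is an added example, not go-slug's own code and not part of the advisory, of the path validation the description calls for: each tar entry name is resolved against the destination directory before anything is written, including the case where the target does not exist yet. The helper names `safeTarget` and `resolveExisting` and the sample entry names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveExisting resolves symlinks in the deepest existing ancestor of p and
// re-appends the missing tail, so a target that does not exist yet is still checked.
func resolveExisting(p string) (string, error) {
	tail := ""
	for cur := p; ; cur = filepath.Dir(cur) {
		if _, err := os.Lstat(cur); err == nil {
			res, err := filepath.EvalSymlinks(cur) // errors on a dangling symlink
			return filepath.Join(res, tail), err
		} else if !os.IsNotExist(err) || cur == filepath.Dir(cur) {
			return "", err
		}
		tail = filepath.Join(filepath.Base(cur), tail)
	}
}

// safeTarget maps a tar entry name to a path under dst, rejecting any escape.
func safeTarget(dst, name string) (string, error) {
	root, err := filepath.EvalSymlinks(dst)
	if err != nil {
		return "", err
	}
	target, err := resolveExisting(filepath.Join(root, name))
	if err != nil {
		return "", err
	}
	if target != root && !strings.HasPrefix(target, root+string(os.PathSeparator)) {
		return "", fmt.Errorf("tar entry %q resolves outside %q", name, dst)
	}
	return target, nil
}

func main() {
	dst, _ := os.MkdirTemp("", "extract") // constructed sample destination
	defer os.RemoveAll(dst)
	os.Symlink(os.TempDir(), filepath.Join(dst, "link")) // constructed: symlink already on disk
	for _, name := range []string{"app/main.tf", "../evil", "link/new/evil"} {
		_, err := safeTarget(dst, name)
		fmt.Printf("%-14s rejected=%v\n", name, err != nil)
	}
}
```

An extraction loop would call `safeTarget(dst, hdr.Name)` for every header and skip or abort on error before creating any file, directory or link.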
Affected Version(s)
Shared library (64 bit): versions from 0 up to, but not including, 0.16.2